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(54) Traffic management for frame relay switched data service 



(57) A new type of data transport service which 
uses a frame relay layer 2 data link connection identifier 
(DLCI) to select among various service types, feature 
sets, and/or closed user groups (CUGs). A layer 3 
address may be extracted from a layer 2 frame, and the 
layer 3 address information may be used to route a data 
packet over a packet-switched network according to the 
service classes, feature sets, and/or CUGs selected. At 
the destination, the layer 3 data packet may again be 
enclosed in a layer 2 frame with a DLCI indicating the 
service classes, features sets, and/or CUGs. Because 
the use of conventional permanent virtual circuits 
(PVCs) is not required in aspects of the invention, new 
methods of measuring and managing network traffic are 
presented. 
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Description 

BACKGROUND OF THE INVENTION 

1. Technical Field 

[0001] The present invention is directed to systems 
and methods for implementing improved network archi- 
tectures, and more specifically to systems and methods 
for routing internet protocol (IP) packets using modified 
frame relay protocols. 

2. Description of the Related Arts 

[0002] Recently, the popularity of large Amesheds 
networks has been increasing. However, large-scale 
highly-meshed networks can be difficult to implement, 
maintain, and manage using conventional network tech- 
nologies. 

[0003] An example of a conventional mesh configura- 
tion is shown in Fig. 1. A wide-area network (WAN) 900 
includes a plurality of routers R Ai R B , R c , R D , (customer 
premises equipment (CPE)) respectively disposed at a 
plurality of end user locations A, B, C, and D and inter- 
connected to a service providers network (SPN) 901 
via respective user-network interfaces (UNI) 920-1, -2. 
.... -n. The user-network interfaces 920 may be vari- 
ously configured to be, for example, an asynchronous 
transfer mode (ATM) switch having a frame relay inter- 
face to CPE. Connecting the sites together are logical 
paths called, for example, permanent virtual circuits 
(PVCs) P A _ C , Pa.d, P b . D) p a . b , p^g, that are character- 
ized by their endpoints at the UNIs 920-1, 920-2, 
920-n and a guaranteed bandwidth called the commit- 
ted information rate (CIR). 

[0004] Fig. 2 provides a detailed view of the flow of 
data across the WAN 900. There exists a plurality of lay- 
ers of protocol over which communications may occur. 
For example, the well-known layers of the International 
Standards Organization=s (ISO) Open Systems Inter- 
connect Model having layers from a physical layer (layer 
1). a datalink layer (layer 2), a network layer (layer 4), up 
through and including an application layer (layer 7). 
Under this model, user data 902 is generated by a user 
application running at the application layer 903. At the 
transport layer (layer 4) 904, a source and destination 
port address 906 (as part of the TCP header (layer 4)) 
may be added to the user data 902. At the network layer 
(layer 3) 905, an additional header (i.e., an IP header 
(layer 3)) containing source and destination IP 
addresses) 908 may be added. Thus, the layer 3 user 
data field includes the layer 4 user data 902 plus the 
layer 4 header 906. The layer 3 protocol data unit (PDU) 
902, 906, 908, which makes up, for example, a IP 
packet 950, is then passed down to layer 2 909 in the 
CPE (routers R A . R B , Rc. Fy that interfaces to the SPN 
901. In the router, a table maps one or more IP 
addresses (layer 3) 908 to an appropriate P VC or PVCs 
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( p a-c. p A-r> p b-o p a-b. p c-b)* Tn© router table is main- 
tained by the customer. Once the correct PVC is located 
in the routing table, the corresponding data link connec- 
tion identifier (DLCI) (layer 2) 912 is coded into the 

s header of the frame relay frame 914 (packet). Thereaf- 
ter, the remainder of the frame relay frame is included 
and a frame check sum (FCS) is computed. The frame 
is then passed down to the physical layer and transmit- 
ted to the SPN 901. 

10 [0005] At the UNI 920, the frame is checked for validity 
to determine if there is a predefined PVC associated 
with the DLCI 91 2. If so, the frame 91 4 is then forwarded 
on that PVC through the network along the same path 
and in the same order as other frames with that DLCI, 

is as depicted in Fig. 2. The layer 2 frame information 
remains as the packet traverses the frame relay network 
whether this network is actually implemented as a frame 
relay network or other network such as a ATM network. 
The frame is carried to its destination without any fur- 

20 ther routing decisions being made in the network. The 
FCS is checked at the egress UNI, and if the frame is 
not corrupted, it is then output to the UNI associated 
with the end user. 

[0006] As is well known in the art, Figs. 1-3 provide 

25 exemplary diagrams of how the frame relay data pack- 
ets are assembled at the various ISO layers using the 
example of TCP/IP protocol transport over a frame relay 
data link layer. The example shows how the user data at 
the application layer is Awrapped= in succeeding enve- 

30 lopes, making up the PDUs, as it passes down the pro- 
tocol stack. Specifically, the composition of the Header 
field is expanded for detail and is shown in Fig. 5. The 
data link connection identifier (DLCI) field comprises 10 
bits spread over the first and second octet, and allows 

35 for 1023 possible addresses, of which some are 
reserved for specific uses by the standards. As shown in 
Fig. 3, the DLCI is added to the frame relay header 
according to what destination IP address is specified in 
the IP packet. This decision about what DLCI is chosen 

40 is made by the CPE , usually a router, based on config- 
uration information provided by the customer that pro- 
vides a mapping of IP addresses into the PVCs that 
connect the current location with others across the WAN 
900. 

45 [0007] In conventional frame relay, a layer 2 Q.922 
frame carries the layer 3 customer data packet across 
the network in a permanent virtual circuit (PVC) which is 
identified by a data link connection identifier (DLCI). 
Thus, the DLCIs are used by the customer as 

so addresses that select the proper PVC to carry the data 
to the desired destination. The customer data packet is 
carried across the network trasparently ad its contents 
is never examined by the network. 
[0008] The conventional meshed frame relay network 

55 discussed above has a number of limitations. For exam- 
pie, every time a new end user location is added to the 
meshed network, a new connection is required to be 
added to every other end user location. Consequently, 
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all of the routing tables must be updated at every end 
user location. Thus, a Aripples effect propagates 
across the entire network whenever there is a change in 
the network topology. For large networks with thou- 
sands of end user locations, this ripple effect creates a 5 
large burden on both the network provider to supply 
enough permanent virtual circuits (PVCs) and on the 
network customers in updating all of their routing tables. 
Further, most routers are limited to peering with a max- 
imum of 10 other routers which makes this network w 
topology difficult to implement. As networks grow in 
size, the number of PVCs customers need to manage 
ad map to DLCIs increases. Further complicating the 
problem is a trend toward increasing Ameshedness= of 
networks, meaning more sites are directly connected to 75 
each other. The result is a growth in the number and 
mesh of PVCs in networks that does not scale well with 
current network technologies. 

[0009] A possible solution for handling large meshed 
networks is to use a virtual private network (VPN) which 20 
interconnects end user locations using encrypted traffic 
sent via Atunneling= over the internet. However, VPNs 
are not widely supported by internet service providers 
(ISPs), have erratic information rates, and present a 
number of security concerns. 25 
[0010] Another possible solution is the use of frame 
relay based switched virtual circuits (SVCs). While 
PVCs (discussed above) are usually defined on a sub- 
scription basis ad are analogous to leased lines, SVCs 
are temporary, defined on an as-needed basis, and are 30 
analogous to telephone calls. However, SVCs require 
continuous communications between all rooters in the 
system to coordinate the SVCs. Further, because the 
tables mapping IP addresses to SVC addresses are 
typically manually maintained, SVCs are often impracti- 35 
cal for large highly-meshed networks. Security is a 
major concern for SVC networks where tables are mis- 
managed or the network is spoofed. Further, frame 
SVCs are difficult to interwork with asynchronous trans- 
fer mode (ATM) SVCs. 40 
[0011] None of the above solutions adequately 
address the growing demand for large mesh networks. 
Accordingly there is a need for network architectures 
which enable implementation of large mesh networks 
having security, low maintenance costs, efficient opera- 45 
tions, and scalability. 

SUMMARY OF THE INVENTION 

[001 2] Aspects of the present invention solve one or so 
more of the above-stated problems and/or provide 
improved systems and methods for implementing a net- 
work architecture. 

[0013] A new type of data transport service takes 
advantage of the existing base of frame relay customer ss 
premises equipment (CPE) and customers while offer- 
ing a new mechanism for providing extensible service 
features to those customers. In the new service, data 
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link connection identifiers (DLCIs) may be used by the 
CPE to select among service types, feature sets, and 
closed user groups (CUGs). The DLCI is used in the 
layer 2 frame that conveys the user data to the network. 
The layer 3 user data packet is extracted from the layer 
2 frame and the layer 3 address information for the 
(routable) protocol is used to route the user data packet 
over a high-performance packet switched network, 
according to the service class / feature set selected by 
the DLCI. At the destination, the layer 3 data packet is 
again enclosed in a layer 2 frame with a DLCI that indi- 
cates to which service group it belongs. The frame is 
then forwarded to the CPE. Use of this technique will 
allow the existing frame relay CPE to support, over the 
same physical interface, conventional frame relay serv- 
ice with a range of DLCIs that are linked to logical paths 
such as permanent virtual circuit (PVCs), as well as a 
rage of DLCIs that are linked to service and/or feature 
sets. This will allow a robust method for extension of 
new services to the frame relay installed base, with min- 
imal impact to existing customer equipment. 
[0014] In some aspects of the invention, frame relay 
DLCIs are used for selecting among various Aservice 
categories.= This differs significantly from conventional 
frame relay, which uses DLCIs only to select PVCs 
and/or switched virtual circuits (SVCs). Service catego- 
ries may include, but are not limited to. communication 
via the public internet, communication via a local 
intranet, communication within a closed user group 
(CUG), communication with a extranet (e.g., a network 
of trusted suppliers or corporate trading partners), live 
audioAfldeo transmission, multicasting, telephony over 
internet protocol (IP), or any combination thereof. Thus, 
the concept of a frame relay PVC is significantly 
expanded by aspects of the present invention. For 
example, the location of an intended network endpoint 
recipient is not necessarily determined by a DLCI at a 
sending network endpoint. The DLCI may represent a 
service category with the intended recipient indicated 
by an IP address within the frame relay packet. This 
results in a significant benefit to network customers 
because, unlike that of conventional frame relay, cus- 
tomers no longer need to update their local DLCI tables 
each time a network customer with whom they wish to 
communicate is added or removed from the network. 
Thus, the customer's burden of network administration 
is substantially reduced. 

[0015] In sub-aspects of the invention, some DLCIs 
may be used to select among service categories 
(Aservice category DLCIs=) while in the same network 
other DLCIs may be used to select conventional PVCs 
anchor SVCs (Aconventional DLCIss). In other words, 
conventional frame relay may be mixed with aspects of 
the present invention within the same network, allowing 
aspects of the present invention to be incrementally 
implemented in existing conventional frame relay net- 
works. 

[0016] In further aspects of the invention, addressing 
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contained in multiple layers (e.g.. as defined by the 
Open System Interconnection model) are compared 
with each other in a network to determine routing errors. 
If the addressing in the layers are consistent with each 
other, then the associated data is routed without inter- 
ruption. On the other hand, if the addressing in the lay- 
ers is inconsistent with each other, the associated data 
may be specially handled. For example, the data may 
be discarded, sent to a pre-determined address, and/or 
returned to the sender. This address comparison may 
be applied to the sending address and/or the destina- 
tion address. An advantage of this multiple layer 
address comparison is that network security is 
increased. For instance, problems such as Aspoofing,= 
which is the practice of purposely providing an incorrect 
sending internet protocol (IP) address, are better con- 
trolled by such a method. 

[0017] In still further aspects of the invention, routing 
look-up tables within the network are separated such 
that, for example, each customer, closed user group 
(CUG), extranet, and/or intranet may have its own pri- 
vate partition and/or separate table. This can provide 
greater network speed because a router need not scan 
the entire available address space for all network cus- 
tomers at once. Furthermore, data security is improved 
because the risk of sending data to a wrong recipient is 
reduced. 

[0018] In yet further aspects of the invention, layer 3 
and/or layer 4 IP address information is utilized to route 
the fast packets through the network. 
[0019] In even further aspects of the invention, new 
network traffic management techniques and measure- 
ments are defined. For example, in some traffic-man- 
agement aspects of the invention, committed delivery 
rates (CDRs) may be assigned to one or more UNIs. A 
CDR is the average minimum data rate that is guaran- 
teed to be delivered to a given UNI when suff ident traffic 
is being sent to the UNI. In further traffic-management 
aspects of the invention, a destination rate share (DRS) 
is assigned to one or more UNIs. The DRS may be used 
to determine the share of traffic that a given UNI may 
send through the network. If several UNIs are simulta- 
neously offering to send traffic to the same destination 
UNI, then each sending UNI=s share of the network 
may be determined by its own DRS and the DRSs of the 
other sending UNIs. 

[0020] These and other features of the invention will 
be apparent upon consideration of the following detailed 
description of preferred embodiments. Although the 
invention has been defined using the appended claims, 
these claims are exemplary in that the invention is 
intended to include the elements and steps described 
herein in any combination or subcombination. Accord- 
ingly, there are any number of alternative combinations 
for defining the invention, which incorporate one or 
more elements from the specification, including the 
description, claims, and drawings, in various combina- 
tions or subcombinations. It will be apparent to those 



skilled in network theory and design, in light of the 
present specification, that alternate combinations of 
aspects of the invention, either alone or in combination 
with one or more elements or steps defined herein, may 
s be utilized as modifications or alterations of the inven- 
tion or as part of the invention. It is intended that the 
written description of the invention contained herein 
covers all such modifications and alterations. 

10 BRIEF DESCRIPTION OF THE DRAWINGS 

[0021] The foregoing summary of the invention, as 
well as the following detailed description of preferred 
embodiments, is better understood when read in con- 
is junction with the accompanying drawings. For the pur- 
pose of illustration, embodiments showing one or more 
aspects of the invention are shown in the drawings. 
These exemplary embodiments, however, are not 
intended to limit the invention solely thereto. 

20 

Fig. 1 illustrates a wide area network (WAN) having 
routers as CPEs and PVCs between customer 
locations. 

25 Fig. 2 shows data flow through the WAN shown in 
Fig. 1. 

Figs. 3-5 show the construction ad flow of data 
packets through the network. 

30 



Fig. 6 shows a block diagram of a network architec- 
ture in accordance with aspects of the present 
invention. 

35 Fig. 7 shows a detailed block diagram of the net- 
work illustrated in Fig. 6. 

Fig. 8A-8B shows a migration path for incorporating 
aspects of the invention into conventional network 
40 architectures. 

Fig. 9 shows data flow through the network archi- 
tecture of Fig. 6. 

45 Fig. 10 shows application based prioritization 
through the network architecture of Fig. 6. 

Fig. 1 1 illustrates an exemplary embodiment of a 
means to apportion services through the network of 
50 Fig. 6. 

Figs. 12-14 illustrate data fbw through exemplary 
WANsl. 

55 DETAILED D ESCRIPTION OF PREFERRED EMBOD- 
IMENTS 

[0022] Exemplary embodiments of the present inven- 
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tion allow the large installed base of frame relay cus- 
tomer premises equipment (CPE) to be maintained by 
using the same interface in a different way to deliver 
new sets of services and features to the customer. For 
example, the data link connection identifier (DLCI) 
known from the frame relay protocol may be used to 
select among several virtual private networks with differ- 
ing address spaces, feature sets, and/or conventional 
permanent virtual circuits (PVCs). 
[0023] Referring to Fig. 7, a block diagram of a wide 
area network (WAN) 1 incorporating aspects of the 
present invention is shown. The WAN 1 includes a plu- 
rality of customer premise equipment (CPE) system, for 
example routers located at each of the end user loca- 
tions and interconnected via one or more service pro- 
viders networks (SPNs) 500. The SPN 500 is typically 
connected to a plurality of endpoint routers 919 via a 
plurality of corresponding user network interfaces 
(UNIs) 402 and/or one or more internet protocol (IP) 
switches 502. The IP switches 502, UNIs 402, and/or 
routers/switches 501 may be interconnected so as to 
form a meshed network (e.g., a partial or fully meshed 
network). Additionally, the wide area network (WAN) 1 
may contain any number of IP switches 502 located 
within the WAN 1 such that it is not connected directiy to 
any endpoint routers 919, and/or one or more IP 
switches 502 may be located at an interface between 
the SPN 500 and a endpoint router 919. In further 
embodiments of the invention, there may be multiple 
endpoint routers 919 associated with a UNI 402/IP 
switch 502 and/or multiple UNIs 402/IP switches 502 
associated with a endpoint router 91 9. 
[0024] The network architecture of the WAN 1 allows 
the number of IP switches to increase as customers are 
transitioned to the new service. For example, as shown 
in Fig. 8A, initially there may be only a small number 
(e.g., one, two, three, etc.) of IP switches installed in the 
system. Where only a small number of IP switches are 
included in the network, traffic originating from non-IP 
enabled UNIs 402 (e.g., UNI A) may be routed to an IP 
switch 502 elsewhere in the network. Although this cre- 
ates some negligible inefficiencies in Abacktracking= it 
nonetheless allows a migration path to the new network 
architecture without simultaneously replacing all routers 

501 . However, as more and more users are transitioned 
to the new network architecture of WAN 1 , more and 
more IP switches can be added (Fig. 8B) to accommo- 
date the increased load. In many embodiments, it may 
be desirable to eventually convert each UNI 402 to an IP 
switch 502 such that IP routing may be accomplished at 
the edge of the network 

[0025] In some embodiments, the WAN 1 may include 
a combination of conventional network switches and/or 
routers 501 in addition to IP switches 502. On the other 
hand, every switch in the SPN 500 may be an IP switch 

502. Alternatively, the WAN 1 may contain only a single 
IP switch 502. The IP switches 502 may be variously 
configured to include a suitable multi-layer routing 



switch such as a Tag Switch from Cisco. Multi layer rout- 
ing switches may also be utilized from vendors such as 
Ipsilon, Toshiba, IBM, and/or Telecom. IP switches are 
currently being developed to replace endpoint routers 

5 so that customer premise equipment (e.g., Ethernet 
local area network (LAN) equipment) can connect 
directly to an asynchronous transfer mode (ATM) net- 
work. Aspects of the present invention propose using IP 
switches in a different manner to maintain the huge 

w installed base of customer premise equipment while 
avoiding the limitations of previous systems. Accord- 
ingly, the IP switches in accordance with embodiments 
of the invention are disposed within the SPN 500 and 
modified to provide suitable routing and interface func- 

15 tions. 

[0026] In some embodiments of the invention, an IP 
switch 502 acts as a multi-layer switch. For example, an 
IP switch 502 may receive ATM cells, switching some or 
all of the ATM cells based upon the content of IP pack- 

20 ets encapsulated within the ATM cells. Thus, tP 
addressing may be used by a IP switch 502 to deter- 
mine an ATM virtual path for sending ATM cells to a des- 
tination UNI 402. In further embodiments of the 
invention, higher layer addressing (e.g., transmission 

25 control program (TCP) logical ports at layer 4) may also 
be used by an IP switch 502 as a basis for switching 
ATM cells to provide a path through the SPN 500. In still 
further embodiments of the invention, an IP switch 502 
uses IP addresses and/or TCP logical ports to make 

30 quality of service (QOS) decisions. 

[0027] In further embodiments of the invention, an 
endpoint router 919 may encapsulate one or more IP 
packets in frame relay frame 914. In this event, the 
frame relay frames may be transmitted between an end- 
as point router 919 and a corresponding UNI 402 and/or IP 
switch 502. The endpoint router 919 encapsulates IP 
packets 950 with frame relay frames 914. Further, the 
endpoint router 919 may set the DLCI of each frame 
relay frame 914 according to a particular service cate- 

40 gory (if a service category DLCI is used) that the user 
has selected. For example, the various service catego- 
ries may include the public internet, communication via 
a local intranet, communication within a closed user 
group (CUG), communication with a extranet (e.g., a 

45 network of trusted suppliers or corporate trading part- 
ners), live audio/video transmission, multicasting, 
telephony over internet protocol (IP), or any combina- 
tion thereof. Thus, the concept of a frame relay PVC is 
significantly expanded by aspects of the present inven- 

so tion. For example, the location of an intended network 
endpoint recipient is not necessarily determined by a 
DLCI at the endpoint routers 919. 
[0028] In further embodiments of the invention, a UNI 
402 may receive frame relay frames 914 from an end- 

55 point router 919 and divides and encapsulates frame 
relay frames into, for example, smaller fixed-length ATM 
cells. The UNI 402 may further translates the frame 
relay DLCI into a ATM address (e.g., a virtual path iden- 
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tifier / virtual channel identifier (VPI/VCI)). There are 
various methods which may be used to translate DLCIs 
to VPI/VCIs. For example, the Network Interworking 
Standard as defined in Implementation Agreement #5 of 
the Frame Relay Forum, and/or the Service Interwork- 5 
ing Standard as defined in Implementation Agreement 
#8 of the Frame Relay Forum may be utilized. An ATM 
address associated with a service category DLCIs 
defines a ATM virtual path via network routers to an IP 
switch 502. Thus, ATM data associated with a service 10 
category DLCI is ultimately sent to an IP switch 502. 
However, ATM data associated with a conventional 
DLCI may or may not be sent to a IP switch 502 ad may 
be routed through the network without passing through 
an IP switch 502. Thus, both translated IP data and con- 15 
ventional PVC data may be present in the SPN 500 
and/or WAN 1. 

[0029] In further embodiments of the invention, a UNI 
402 and/or a network router 501 may send data to a 
predetermined IP switch 502. In even further embodi- 20 
ments of the invention, a UNI 402 and/or a network 
router 501 selects which IP switch 502 to send data to 
based upon an algorithm (e.g., based on network traffic 
flows, the relative distance/location of an IP switch 502, 
the type of data being sent, and/or the service category 25 
selected). In still further embodiments of the invention, a 
UNI 402, network router 501, and/or IP switch 502 may 
send the same data to more than one UNI 402, network 
router 501, and/or IP switch 502, depending upon, for 
example, a service category or categories. 30 
[0030] In further embodiments of the invention, a UNI 
402, an IP switch 502, and/or a network router 501 com- 
pares a ATM VPI/VCI 303-305 address with an IP 
address for the same data. If the two addresses are 
inconsistent, then the ATM cell may be discarded, sent 35 
to a pre-determined address, and/or returned to the 
sending location. In even further embodiments of the 
invention, layers above the layer 3 IP layer may be used 
for address and/or service class generation/discrimina- 
tion. For example layer 4 of the ISO addressing scheme 40 
and/or other application level data may be utilized to 
determine particular service classes. 
[0031] Referring specifically to Fig. 9, the path of user 
data flowing through an exemplary WAN 1 is shown. As 
in the frame relay case, user data at the application 45 
layer and layer 4 requires the addition of a layer 3 net- 
work address header. In the CPE a decision is made 
based on information in layers 3 and 4 about which vir- 
tual private network (VPN), service class, or conven- 
tional PVC the packet should be routed to. Thus, a so 
packet with layer 4 information indicating it is a telnet 
(interactive) application and layer 3 information that it is 
an internal company address might go to VPN A for a 
low<lelay intranet class of service. Another packet that 
is part of a file transfer protocol (FTP) file transfer might ss 
go to VPN B with a lower service class, and a third 
packet going between two heavily utilized applications 
might go on a dedicated PVC D. These decisions are 



coded as different DLCI values, inserted in the layer 2 
frame, and sent into the UNI. 

[0032] At the UNI A 402, the switching based on the 
DLCI takes place. The packet may be routed to IP 
switch 502 in the center of the SPN 500. The first packet 
has its layer 2 frame stripped off as it is forwarded to 
VPN A. Within VPN A, the layer 3 address is now used 
to make routing decisions that send the packet to its 
destination UNI. Thus, no PVC need be established 
ahead of time for that path, and conventional routing 
methods and protocols can be used, as well as newer 
Ashortcuts routing techniques. This permits VPN A to 
provide a high Amesh- of connectivity between sites 
without requiring the customer to configure and main- 
tain the Amesh= as a large number of PVCs. The 
packet forwarded to VPN B is treated similarly except 
that VPN B is implemented with a lower service class 
(e.g. higher delay). Finally, the packet forwarded to PVC 
D has its layer 2 frame intact and passes through the 
network as a conventional frame relay frame. This 
allows customers to maintain their current connectivity 
of PVCs for their high utilization traffic paths, but still 
have a high mesh of connectivity through various VPNs. 
[0033] Thus, in various aspects of the invention, the 
WAN 1 and/or SPN 500 may be any suitable fast packet 
network receiving frame relay data packets having user 
data in a user data field. The WAN 1 and/or SPN 500 
then switches packets using one or more IP switches 
502 responsive to the user data. The user data may be 
used to discriminate between a plurality of different 
service categories based on the user data. Routing over 
the WAN 1 and/or SPN 500 may be responsive to at 
least one of the different service categories including 
discriminating based on multicast data. Additionally, the 
WAN may generate a fast packet address field respon- 
sive to the IP packet data and route the IP packet 
through the fast packet network responsive to the fast 
packet address field. Further, layer 4 information may 
be utilized to determine the quality of service. The qual- 
ity of service may include, for example, one or more of 
the following: an information rate, priority information, 
delay, loss, availability, etc. Security features may be 
implemented in the IP switch such that routing tables for 
each of the users are separated based on one or more 
service categories and/or users. In this manner the sys- 
tem is made more secure. Still further, the system may 
receive a plurality of fame relay packets over a perma- 
nent virtual circuit (PVC) at a first node in an asynchro- 
nous transfer mode (ATM) network, generate an ATM 
address based on a data field other than a data link con- 
nection identifier (DLCI) within the frame relay packets, 
and then route the packets through the ATM network 
based on the ATM address. The routing of packets may 
be responsive to one of a plurality of service categories. 
The system may provide separate routing tables within 
an ATM switch for each of a plurality of different service 
categories. The different service categories may be 
determined using internet protocol (IP) data within a 
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data field of a packet passed by the ATM switch. In a fast 
packet network, a fast packet switch may compare a 
address of a fast packet with a layer 3 internet protocol 
(IP) address contained within the fast packet and deter- 
mining whether the fast packet address is consistent 
with the layer 3 IP address. Further, for security, hard- 
ware circuits and/or software may be provided for exam- 
ination of a sending address or a destination address. 
Further, packets may be discarded responsive to a 
inconsistency being detected. The WAN 1 may include 
customer premises equipment (CPE) and a asynchro- 
nous transfer mode (ATM) switch coupled to and receiv- 
ing from the CPE frame relay data packets, and 
including address translation circuitry for translating 
data link connection identifiers from the frame relay data 
packets into ATM addresses representing a plurality of 
virtual private networks based on a predetermined serv- 
ice category associated with a particular DLCI; or the 
WAN 1 may include customer premises equipment 
(CPE) and a fast packet switch coupled to the CPE via 
one or more permanent virtual circuits ad receiving 
frame relay data packets, the fast packet switch includ- 
ing address translation circuitry for translating user data 
within the frame relay data packets into fast packet 
addresses. 

[0034] In embodiments of the present invention, data 
security is enhanced in that data may be easily and 
accurately checked for inconsistencies at the destina- 
tion. This is because these embodiments operate using 
both layer 2 and layer 3 addressing information. As a 
illustration, assume that a frame relay frame having a 
DLCI indicating VPN 1 (e.g., the corporate intranet) 
arrives in a network switch/router with an IP address of 
a particular corporate accounting system. However, 
since the VPN processor has available to it the DLCI of 
the packet (and thus information about the source of the 
packet), the VPN processor may cross-check the DLCI 
with the source IP address in the packet to see if the 
source IP address is in the rage known from the origi- 
nating site. Thus, the problem associated with the 
spoofing of IP source addresses may be significantly 
reduced. 

[0035] In still further embodiments of the invention, a 
UNI 402, an IP switch 502, and/or a network router 501 
has separate and/or partitioned routing look-up tables. 
Routing tables may be separated based upon service 
category, customer or user, and/or UNI 402. Thus, in 
some embodiments, within a VPN, a customer or user 
may have a individual routing table containing the cus- 
tomers IP network address information. In some 
embodiments, since the DLCI identifies the source of a 
frame, the DLCI may be used as a index by a IP switch, 
network router, and/or UNI for determining which rout- 
ing table to use. This allows customers to have their 
routing table size and speed governed by their individ- 
ual address space, thus speeding the routing process 
considerably. The use of separate routing tables also 
provides an added measure of security, as packets can- 
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not be mis-routed due to errors or updates in routing 
information related to other customers. 
[0036] In some embodiments, a router has multiple 
data space images paired with a single instruction 

5 space image of the routing software. Thus, for example, 
as packets arrive from Customer A, the routing software 
uses the data image for a routing table associated with 
Customer A to make a routing decision. In further 
embodiments, a single software image is used, but 

w additional indices corresponding to customers are 
added to the routing tables. In still further embodiments, 
instruction execution and data handling are processed 
separately This may be accomplished by the use of 
separate processors, one for instruction execution and 

is one for data handling. 

[0037] Fig. 12 illustrates an exemplary WAN 1 having 
both conventional routers and IP switches incorporating 
aspects of the invention. In this exemplary WAN 1 , a 
routing element 1004 and switch 1003 are connected to 

20 Customer Site A via frame relay switch 1001. Routing 
element 1007 and switch 1006 are connected to Cus- 
tomer Site B via frame relay switch 1009. Routing ele- 
ment 1012 and switch 1014 are connected to Customer 
Site C via frame relay switch 1016. Routing element 

25 1013 and switch 1015 are connected to Customer Site 
D via frame relay switch 1 01 7. In this exemplary WAN 1 . 
incoming frames 1000 from Customer Site A may be 
encoded with a layer 2 DLCI specifying VPN #1 as the 
layer 2 destination and a layer 3 address pointing to 

30 Customer Site B. In such a case, frame relay switch 
1001 switches the frames over a fame relay trunk 1002 
to switch 1003 which has layer 3 routing element 1004 
associated with it. After the frame is received by switch 
1003, the frame is forwarded to router 1004 which 

35 implements short-cut routing as described above. The 
router/switch 1003, 1004 uses the layer 2 information to 
discriminate between different source customers. The 
layer 2 information may then be discarded. Next, the 
layer 3 information in combination with a routing table is 

40 used to make a routing decision. In this case, the rout- 
ing decision would result in a layer 3 PDU 1011 being 
forwarded to router/switch 1 006, 1007. The layer 3 PDU 
1011 is then encapsulated with a layer 2 frame, the 
frame in this case being addressed to Customer Site B. 

45 Switch 1 006 then forwards the frame via a trunk 1 008 to 
fame relay switch 1009. At the egress port of frame 
relay switch 1009, the DLCI of frame relay frame 1010 is 
replaced with a value indicating that the frame origi- 
nated from, in this case, VPN #1 . The frame relay frame 

so 101 0 is then delivered to the Customer B router 

[0038] As the service grows, the functionality for mak- 
ing the VPN routing decisions may be migrated closer to 
the customer and may eventually be present in every 
switching node, as shown in Fig. 13. This can reduce 

55 the backhaul previously needed to get to the 
router/switch processing nodes and allow for optimal 
routing using all the nodes in the WAN 1 and/or SPN 
500. In the exemplary embodiment of Fig. 13, VPN #1 is 
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connected to Customer Sites A, B t C, and D. Here, 
every switching node includes a switch 1 501 and a rout- 
ing element 1502. frame relay frames 1500 having a 
DLCI directed to Customer Site B may be sent from 
Customer Site A. In such a case, frames 1 503 would be 5 
sent through VPN #1 via switching nodes 1501, 1502, 
and frames 1504 would be received at Customer Site B. 
[0039] In some embodiments, an ATM core network 
may be used for data transport, ad frame relay inter- 
faces may be used to interface with the customer. An 1 
exemplary embodiment using an ATM core network is 
shown in Fig. 14. In this embodiment, switch 2003 and 
router 2004 are connected to Customer Site A via 
switch 2000 and a frame relay/ATM conversion unit 
2001. Switch 2019 and router 2018 are connected to 11 
Customer Site B via switch 2005 and frame relay/ATM 
conversion unit 2006. Switch 2012 and router 2010 are 
connected to Customer Site C via switch 2015 and 
frame relay/ATM conversion unit 2014. Switch 2013 and 
router 2011 are connected to Customer Site D via 2c 
switch 2016 and frame relay/ATM conversion unit 2017 
Assuming that Customer Site A is sending frames 2020 
destined for Customer Site B, incoming layer 2 frames 
may be encapsulated for transport into ATM cells at 
switch 2000 according to, for example, the Network 25 
Interworking Standard. Such encapsulation may. for 
example, occur in conversion unit 2001 , external to ATM 
switch 2000. ATM cells 2002 may be sent down an ATM 
PVC designated for VPN #1 processing. ATM cells 2002 
may then be forwarded to switch 2003 and router/switch so 
2004 (which may be attached to switch 2003), where 
the ATM cells may be reassembled to obtain the layer 3 
packet information for routing within VPN #1 . Once the 
address information has been extracted from the layer 3 
packet, the packet may be segmented again into ATM 35 
cells 2009 that can be transferred through the network. 
After being sent through router/switch 2018, 2019, ATM 
cells 2008 may be converted from cells to frames at the 
external conversion unit 2006 and switch 2005. Cus- 
tomer Site B would then receive frame relay frames 40 
2021. Thus, a extra segmentation and reassembly 
(SAR) cycle may be required when using an ATM back- 
bone with a core of router/switches. However, if the VPN 
processing is pushed outward to edge switches, the 
extra SAR cycle may be eliminated. The extra SAR 45 
cycle may be eliminated because conversion from 
frame relay frames to ATM cells may take place in the 
same unit where VPN routing decisions are made. 
[0040] Traffic management may be variously config- 
ured in the WAN 1 and/or the SPN 500. For example, so 
from a customers viewpoint, the WAN 1 and/or SPN 
500 may ensure certain traffic rates for the customer. 
[0041 ] In a network, data traffic may be sent from mul- 
tiple sources to a single destination (multi-point to 
point). A Asourcte is defined as the user transmitting 55 
side of, for example, a UNI (i.e., the customer side of a 
UNI, which may be external to a WAN and/or to a VPN), 
a switch, an IP switch, and/or a router at or near the 



edge of a network A Adestination= is defined as the 
user receiving side of, for example, a UNI (i.e., the net- 
work side of a UNI), a switch, an IP switch, and/or router 
at or near the edge of a network. Traffic that is offered 
for transmission by a source to the WAN 1 and/or SPN 
500 is defined as the Aoffered traffic.^ Further, a AVPN 
source= and a AVPN destination- are a source and 
destination, respectively, which belong to a given VPN. 
A given UNI, if simultaneously sending and receiving, 
may simultaneously be a source and a destination. Fur- 
thermore, a given source may offer data traffic to multi- 
ple destinations, and a given destination may receive 
traffic from multiple sources. 

[0042] In some embodiments of the invention, a com- 
mitted delivery rate (CDR) may be assigned to each 
destination. The CDR is defined as the average number 
of bits per second that the WAN 1 and/or SPN 500 is 
committed to deliver to a given destination, wherein the 
average may be calculated over a fixed or variable time 
window. Although the word Aaverage^ will be used 
throughout, any other similar algorithm may be used, 
such as the mean, the sum, or any other useful meas- 
urement and/or statistical calculation. If the average rate 
of aggregate offered traffic (i.e. the total offered traffic) 
from one or more sources to a given destination is 
greater than or equal to a given destinations assigned 
CDR, then the WAN 1 and/or SPN 500 may guarantee 
to deliver traffic addressed to the destination at an aver- 
age rate equal to or greater than the CDR. If the aver- 
age rate of aggregate offered traffic is less than the 
CDR, then the WAN 1 and/or SPN 500 may deliver the 
offered traffic to the destination at the aggregate offered 
traffic rate (100% of the offered traffic). To clarify, let the 
number of active sources sending traffic to a particular 
destination be N. As will be described in more detail 
below, a source may be considered Aactive= during a 
given time window if the source offers at least a thresh- 
old amount of traffic to the WAN 1 and/or SPN 500 
within the given time window. Let S, be the average 
offered traffic rate, or Aoffering rate,= from each source 
/ toward a single given destination, wherein 
/ = [1. N] . Further, let R be the total rate at which 
the WAN 1 and/or SPN 500 actually delivers traffic to 
the destination. Then, the WAN 1 and/or SPN 500 will 
provide that: 



R > CDRffJ^S; k CD 



R = ZSfOtherwis 

[0043] If the aggregate offered traffic rate 3S, does not 
exceed the CDR, then 100% of the offered traffic from 
each source / may be delivered through the WAN 1 
and/or SPN 500 to the destination. However, when the 
aggregate offered traffic rate 3S, exceeds the CDR, the 
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WAN 1 and/or SPN 500 may have the discretion to 
throttle back or reduce the delivery rate of offered traffic 
from some or all of the active sources. Delivery may be 
reduced by a amount such that the total rate of traffic 
delivery R to a destination is at least equal to the desti- 5 
nation=s assigned CDR. In the situation where R is 
reduced by the network, it may be desirable to enforce 
Afairnesss for each source. In other words, it may be 
desirable to ensure that no single source may be 
allowed to be greedy by obtaining a disproportionate w 
amount of network bandwidth at the expense of other 
sources. 

[0044] To provide for fair access to the WAN 1 and/or 
SPN 500, in some embodiments each source is 
assigned at least one destination rate share (DRS). A 15 
DRS is a rate, measured in data units per unit of time 
(e.g., bits per second). A separate DRS and/or set of 
DRSs may be assigned to each source and/or group of 
sources. Further, the DRS or DRSs for a given source 
may depend upon the destination or set of destinations 20 
that the source may send traffic to. In other words, each 
source / may be assigned at least one DRS/ corre- 
sponding to the DRS assigned between a source / and 
a given destination (or set of destinations). Thus, in 
some embodiments, the DRS may be different for a 25 
given source depending upon which destination it is 
sending traffic to. In further embodiments, the DRS for a 
given source may be constant, independent of the des- 
tination. 

[0045] When a source / offers traffic at an average rate so 
Sj exceeding the CDR of a particular destination, fair- 
ness may be achieved by ensuring that each source is 
allowed to transmit at least its fair share of the CDR. A 
source=s Afair shares of the destination=s CDR is 
defined as the sources DRS divided by the aggregate 35 
DRS of active sources transmitting to a given destina- 
tion. Thus, each active source=s fair share, r„ of the 
CDR may be defined as the following: 

DRS: 4 ° 

r,- CD 

£ DRS i 



[0046] The actual network transmission rate, T it that 
the WAN 1 and/or SPN 500 chooses as conforming traf- 
fic guaranteed to be delivered from each source to a 
given destination may satisfy the following: 



when £S, ;> CDR 



T, ^ min(r,, S f ) 
[0047] Thus, in these embodiments the WAN 1 and/or 
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SPN 500 may enforce fairness by reducing one or more 
sources= actual network transmission rate T, at most 
from Si to fj, ensuring that each source obtains its fair 
share of the CDR. In some embodiments, to achieve a 
rate of at least CDR, the WAN 1 and/or SPN 500 may at 
its discretion transmit traffic from a given active source 
or sources at a rate greater than r v In fact, the WAN 1 
and/or SPN 500 may at its discretion transmit data from 
a source / at any rate between and including the fair 
share rate r, and the full offered rate S r 
[0048] If S/ is greater than T h a source may be consid- 
ered by the WAN 1 and/or SPN 500 to be a Anon-con- 
forming source. = Conformance of a source may be 
calculated using a standard leaky bucket algorithm with 
variable drain rate. Thus, the conforming Adepths of a 
Abuckete would be DRS;* W In other words, the maxi- 
mum number of bits that will be sent to the network 
within a given time window of length W is equal to 
DRS/* W. During a given time window of length W, the 
Ad rain rate= of the Abucket= is equal to T, which is cal- 
culated during previous time windows. Thus, data pack- 
ets inserted Aabove= the conforming bucket depth may 
be labeled as Anon-conforming. s= In other words, for a 
given time window, data packets in excess of the total 
DRS/* W number of bits may be labeled as non-con- 
forming data packets. In such a situation, some or all of 
the source data packets equal to the difference between 
Sj and Tj may be labeled as non-conforming data pack- 
ets, and some or all of the non-conforming data packets 
may be dropped. 

[0049] This does not mean that data cannot be of a 
bursty or rate-variant nature. Although exemplary 
embodiments have been described as operating using 
average rates, real-time rates may vary within any given 
time window of length W. Thus, a certain amount of 
burstiness of data is allowable. This maximum burst size 
is the maximum number of bits that the WAN 1 and/or 
SPN 500 guarantees to transfer during a time window 
W. 

[0050] In further embodiments of the invention, the 
WAN 1 and/or SPN 500 may provide forward conges- 
tion notification to a destination. For example, the WAN 
1 and/or SPN 500 may provide a layer 2 binary indica- 
tion that the CDR is being exceeded by using the frame 
relay forward explicit congestion notification (FECN) bit 
and/or a layer 3 message that indicates a non-conform- 
ing source and optionally contains rate information for 
that source (e.g. the actual transmitted rate 7/ and/or 
the excess rate S,- - 7)). Furthermore, in some embodi- 
ments, multiple non-conforming sources might be listed, 
even within a single message. In these forward conges- 
tion notification embodiments, conformance may be 
measured at the network side of a destination. In some 
embodiments, a forward congestion notification may be 
provided to a given destination when the offering rate S, 
of a active source offering to send traffic to the destina- 
tion exceeds the actual network transmission rate T t for 
the source. 
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[0051 ] Non-conforming packets that cannot be trans- 
mitted on the egress port of a source may be dropped 
with or without any indication to the source or destina- 
tion. To measure conformance of a source, the amount 
of excess bandwidth available to the sources for trans- 
mission to the destination should be determined. To cal- 
culate the excess bandwidth, let W y be the 7 th time 
window. The excess bandwidth above the fair share 
bandwidth may be computed as 



E = C0fl-£min(r,.,S,)-/WS, 
/ 

wherein M is defined as the number of possible sources it 
from which a destination may receive traffic, and 
wherein B is defined as a predetermined reference rate. 
The introduction of reference rate B effectively reserves 
network bandwidth for a inactive source, thus ensuring 
that a previously Inactive source that becomes active 20 
can send at least some traffic through the network dur- 
ing time period Wy. Specifically, the WAN 1 and/or SPN 
500 may ensure that each source=s 7} is guaranteed to 
be at least a minimum reference rate 8. In this situation, 
a source is considered active during Wj if more than 25 
B*Wj units of data (e.g., bits) are received during Wj. It 
is desirable to define B to be relatively small as com- 
pared with S/ so as to retain as much excess bandwidth 
as possible, yet still large enough to ensure network 
availability to a non-active source (non-sending source 30 
with respect to a given destination) that may later 
become active with respect to a given destination. In 
some embodiments, B may be a predetermined rate. In 
further embodiments, B may vary with time, with the 
number of inactive sources, with the number of active 35 
sources, and/or with the total number of sources. In still 
further embodiments, B for a source may depend upon 
a priority classification assigned to the source. In still 
further embodiments, when a previously inactive source 
becomes active, the priority assigned to the source may 40 
depend upon the content of the data (e.g., data payload, 
DLCI, and/or address) offered to be sent. Thus, S may 
not be the same for each source. 
[0052] Once the excess bandwidth is determined, the 
maximum conforming actual network transmission 45 
rates, T h may be calculated. To accomplish this, 7} for 
each source may first be set by default to min(r„S, ). 
Then the excess bandwidth, E t may be distributed 
among some or all of the sources that are actively trans- 
mitting to the given destination, thus adjusting or raising 50 
Tj for these sources. In some embodiments, the excess 
bandwidth may be uniformly distributed among some or 
all of the active sources. In further embodiments, the 
excess bandwidth may be distributed among these 
sources according to source priority, data priority. 55 
and/or DLCI. 

[0053] In further embodiments, the WAN 1 and/or 
SPN 500 may provide backward congestion notification 



to a non-conforming source. Such notification may be in 
the form of a layer 2 and/or a layer 3 message indicating 
a destination(s) for which the non-conforming source is 
exceeding T- f and/or rate information for the non-con- 
forming source (e.g. the actual transmitted rate 7} 
and/or the excess rate S, -7}). However, a layer 2 notifi- 
cation by itself may not be preferable, since a source 
receiving only a layer 2 notification may not be able to 
distinguish between destinations to which the source is 
conforming and those for which it is not conforming. In 
some embodiments, a backward congestion notification 
may be provided to a given active source when the 
offering rate S, of the source exceeds the actual net- 
work transmission rate 7} for the source. In further 
embodiments, a user at a non-conforming source may 
be notified of congestion information, the assigned 
CDR, DRSj, f„ and/or T h In still further embodiments, it 
may be up to a user to decide how to act upon a con- 
gestion notification. In even further embodiments, a 
source may reduce its offering rate S, in response to 
receiving a backward congestion notification. 
[0054] In these backward congestion notification 
embodiments, conformance may be implemented at the 
network side of the source UNI. In such embodiments, 
feedback concerning the destination delivery rate may 
be required from the destination. The feedback may 
also contain information regarding the rate share of the 
active sources at the destination and/or the CDR 
divided by the aggregate rate. 

[0055] While exemplary systems and methods 
embodying the present invention are shown by way of 
example, it will be understood, of course, that the inven- 
tion is not limited to these embodiments. Modifications 
may be made by those skilled in the art, particularly in 
light of the foregoing teachings. For example, each of 
the elements of the aforementioned embodiments may 
be utilized alone or in combination with elements of the 
other embodiments. Additionally, although a meshed 
network is shown in the examples, the inventions 
defined by the appended claims is not necessarily so 
limited. Further, the IP switch may convert from any 
higher level IP like protocol to any fast-packet like proto- 
col and is not necessarily limited to the ATM/IP example 
provided above. Furthermore, examples of steps that 
may be performed in the implementation of various 
aspects of the invention are described in conjunction 
with the example of a physical embodiment as illus- 
trated in Fig. 5. However, steps in implementing the 
method of the invention are not limited thereto. Addition- 
ally, although the examples have been derived using the 
IP protocol for layer three, it will be apparent to those 
skilled in the art that any version of IP or IPX could be 
used as the layer three routeable protocol. Furthermore, 
it will be understood that while some examples of imple- 
mentations are discussed above regarding IP and ATM 
protocols, the invention is not intended to be limited 
solely thereto, and other protocols that are compatible 
with aspects of the invention may be used as well. 
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[0056] Where technical features mentioned in any 
claim are followed by reference signs, those reference 
signs have been included for the sole purpose of 
increasing the intelligibility of the claims and accord- 
ingly, such reference signs do not have any limiting s 
effect on the scope of each element identified by way of 
example by such reference signs. 

Claims 

10 

1. In a fast-packet network, a method comprising the 
step of managing according to a committed delivery 
rate at least one of a plurality of actual network 
transmission rates for at least one of a plurality of 
active sources, the committed delivery rate being is 
associated with a destination. 

2. The method of claims 1 or 21 further including the 
step of averaging at least one of a plurality of offer- 
ing rates of at least one of the active sources over a 20 
time window. 

3. The method of claim 2 further including the step of 
defining a length of the time window to be variable. 

25 

4. The method of claim 1 wherein the step of manag- 
ing includes the step of controlling a total delivery 
rate (R) to the destination according to the commit- 
ted delivery rate (CDR) and a plurality of offering 
rates (S) of a first group of the plurality of active 30 
sources /, the active sources in the first group offer- 
ing to send a plurality of data packets to the destina- 
tion, such that: 

35 

R > CDR if £S/S> CD 



R = LSj otherwi 40 

5. The method of claims 4 or 10 wherein the step of 
managing further includes the step of identifying at 
least one of the data packets as being nonconform- 
ing when a sum of the offering rates of the first 45 
group of active sources is greater than the commit- 
ted delivery rate. 

6. The method of claims 5 or 25 wherein the step of 
managing further includes the step of dropping at so 
least one of the identified data packets. 

7. The method of claim 1 further including the step of 
assigning a destination rate share to each of a first 
group of the active sources, the first group of active ss 
sources offering to send a plurality of data packets 

to the destination. 
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8. The method of claim 7 wherein the step of assign- 
ing includes the step of assigning the destination 
rate share according to an identity of the destina- 
tion; and/or 

wherein the step of managing includes the step of 
managing according to the destination rate shares 
of the first group of active sources an actual net- 
work transmission rate for at least one of the active 
sources in the first group of active sources. 

9. The method of claim 8 wherein the step of manag- 
ing further includes the step of determining a fair 
share rate (r) for at least one of the active sources / 
in the first group of active sources according to the 
destination rate share (DRS) of the at least one 
active source and the committed delivery rate 
(CDR), such that: 



J^DRSj 



10. The method of claim 9 wherein the step of manag- 
ing further includes the step of adjusting the actual 
network transmission rate (T) for at least one of the 
active sources / in the first group of active sources 
according to an offering rate (S) of the at least one 
active source, the fair share rate (r) of the at least 
one active source, and the committed delivery rate 
{CDR), such that: 



when £S, ^ CDR 



T f £ min(r,, S,) 

11. The method of claims 1 or 21 further including the 
step of reserving a first portion of network band- 
width for a first inactive source sufficient to allow the 
first inactive source to begin to send data packets 
through the network at a rate at least equal to a first 
reference rate. 

12. The method of claim 1 1 further including the step of 
determining the first reference rate according to a 
total number of inactive sources; and/or 

further including the step of determining the 
first reference rate according to a first priority 
classification of the first inactive source. 

13. The method of claims 1 or 21 wherein the step of 
managing includes the step of notifying at least one 
of the active sources of network congestion by pro- 
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viding a backward congestion notification to the at 
least one active source when an offering rate of the 
at least one active source exceeds the actual net- 
work transmission rate for the at least one active 
source. 5 

14. The method of daim 13 wherein the step of notify- 
ing the at least one active source includes the step 
of providing a Layer 2 backward congestion notifi- 
cation to the at least one active source; or w 
wherein the step of notifying the at least one active 
source includes the step of providing a Layer 3 
backward congestion notification to the at least one 
active source; or 

15 

further including the step of reducing the offer- 
ing rate of the at least one active source 
responsive to the backward congestion notifi- 
cation. 

20 

15. The method of claim 14, second alternative, 
wherein the step of notifying the at least one active 
source further includes the step of providing infor- 
mation representing an identity of a destination, the 

at least one active source offering to send a plurality 25 
of data packets to the destination; or 
wherein the step of notifying the at least one active 
source further includes the step of providing infor- 
mation representing the actual network transmis- 
sion rate of the at least one active source. 30 

16. The method of claim 1 or 21 wherein the step of 
managing includes the step of notifying a destina- 
tion of network congestion by providing a forward 
congestion notification to the destination when an 35 
offering rate of at least one of the active sources 
exceeds the actual network transmission rate for 

the at least one active source, the at least one 
active source offering to send a plurality of data 
packets to the destination. 40 

17. The method of claim 16 wherein the step of notify- 
ing the destination includes the step of providing a 
Layer 2 forward congestion notification; or 

wherein the step of notifying the destination 45 
includes the step of providing a Layer 3 forward 
congestion notification. 

18. The method of claim 17, second alternative, 
wherein the step of notifying the destination further so 
includes the step of providing information repre- 
senting an identity of the first active source; or 
wherein the step of notifying the destination further 
includes the step of providing information repre- 
senting the averaged offering rate of the at least 55 
one active source and the actual network transmis- 
sion rate for the at least one active source. 



19. The method of claim 9 wherein the step of manag- 
ing further includes the step of distributing an 
excess network bandwidth among at least two of 
the active sources. 

20. The method of claim 1 9 wherein the step of manag- 
ing further includes the step of determining the 
excess network bandwidth (E) according to the 
committed data rate (CDR), the fair share rates 
(r),the offering rates (S), a reference rate (B), and a 
total number (A/7) of sources capable of sending 
data to the destination, such that: 



E = CDR-£min(r ,,S fi-MB. 



or further including the step of determining a 
maximum conforming actual network transmis- 
sion rate for at least one of the active sources 
according to an amount of excess network 
bandwidth that is distributed to the at least one 
active source. 

21. In a fast-packet network, a method comprising the 
step of managing according to a plurality of destina- 
tion rate shares at least one of a plurality of actual 
network transmission rates for at least one of a plu- 
rality of active sources, each destination rate share 
being associated with one of the active sources. 

22. The method of claim 21 further including the step of 
assigning at least one of the destination rate shares 
according to an identity of a destination. 

23. Tiie method of claim 21 wherein the step of manag- 
ing includes the step of determining a fair share rate 
(r) for at least one of the active sources / in a first 
group of the plurality of active sources according to 
the destination rate share (DRS) of the at least one 
active source in the first group and a committed 
delivery rate {CDR), the active sources in the first 
group offering to send a plurality of data packets to 
a destination, such that: 



Z DRS i 



24. The method of claim 23 wherein the step of manag- 
ing further includes the step of adjusting the actual 
network transmission rate (7) for at least one of the 
active sources / in the first group of active sources 
according to an offering rate (S) of the at least one 
active source, the feir share rate (r) of the at least 
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one active source, and the committed delivery rate 
(CDR) t such that: 



when £S, :> CDR , 

T f > min(r,., s,). 

25. The method of claim 24 wherein the step of manag- 
ing further includes the step of identifying at least 
one of the data packets as being nonconforming 
when a sum of the offering rates is greater than the 
committed delivery rate. 
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